Join Nordstrom's Technology team as a Senior Privacy & Cybersecurity Governance Analyst, where you'll play a pivotal role in leading strategic privacy and security governance initiatives across the enterprise.
Serve as primary contact and subject matter expert for domain-specific data privacy activities.
Identify emerging privacy threats and trends and advise on strategic initiatives to enhance data protection across the organization.
Evaluate and enhance privacy-related risk assessment processes.
Implement process improvements within your specialized privacy domain, developing standardized approaches and best practices.
Educate stakeholders on data privacy requirements through training sessions, workshops, and consultation.
Analyze legal and regulatory developments in privacy and assess their business impact.
Coordinate operational activities across multiple stakeholders to ensure comprehensive privacy and security input.
Identify and develop advanced risk management frameworks for holistic risk assessment and treatment.
Requirements
5-7 years of experience in privacy, information security, legal, or compliance roles
Demonstrated leadership in privacy or security program/project delivery with proven ability to drive initiatives to completion
Practical experience operationalizing privacy regulations and security frameworks in business environments
Experience coordinating across multiple stakeholders to achieve comprehensive privacy and security outcomes
Hands-on experience building or maturing a third-party risk management (TPRM) function, including vendor assessment, risk tiering, and ongoing monitoring
Bachelor's or Master's degree in Information Technology, Computer Science, Engineering, Information Security, or related field, or equivalent work experience
IAPP certifications preferred (CIPP/US, CIPM, CIPT, or similar)
Advanced security certification required (CISSP, CISM, CISA, or equivalent)
Deep understanding of privacy regulations including U.S. privacy laws (CCPA/CPRA and emerging state privacy laws) and their practical application
In-depth knowledge of cybersecurity frameworks (NIST CSF, ISO 27001, CIS Controls, SOC 2, PCI DSS) and regulatory environments
Strong understanding of security controls, risk assessment methodologies, and compliance frameworks
Expertise in control design, implementation, and effectiveness assessment across multiple security domains
Demonstrated experience with project management tools (e.g., Jira, Confluence, Smartsheet, or similar) to manage initiative tracking, documentation, and cross-functional collaboration
Tech Stack
Cyber Security
Benefits
Medical/Vision, Dental, Retirement and Paid Time Away